Warn if push is used without --mode server/--server/--server-bridge

schwabe · cron2 · commit d6a0cf599c68 · 2025-10-28T18:36:25.000+01:00
This is not a supported configuration and will often work good enough to get a connection working but will operate more in a weird pre P2P negotiation compatibility way rather than actually negotiating protocol features. While at it, remove an unused macro (PUSH_DEFINED). Change-Id: I82c7c61be07593ecd5bf2f854767dda74ab5170c Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1288 Message-Id: <20251023155614.20642-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33856.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst
@@ -497,6 +497,9 @@ fast hardware. SSL/TLS authentication must be used in this mode.
   ``--echo``, ``--comp-lzo``, ``--socket-flags``, ``--sndbuf``,
   ``--rcvbuf``, ``--session-timeout``
 
+  Note: using ``--push`` requires OpenVPN to run in ``--mode server`` (or
+  using of one of `--server`, `--server-bridge` helper directives).
+
 --push-remove opt
   Selectively remove all ``--push`` options matching "opt" from the option
   list for a client. ``opt`` is matched as a substring against the whole
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
@@ -2690,6 +2690,13 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
         MUST_BE_UNDEF(vlan_accept, "vlan-accept");
         MUST_BE_UNDEF(vlan_pvid, "vlan-pvid");
         MUST_BE_UNDEF(force_key_material_export, "force-key-material-export");
+
+        if (options->push_list.head)
+        {
+            msg(M_WARN, "Note: Using --push without --mode server is an "
+                        "unsupported configuration. Negotiation of OpenVPN "
+                        "features is expected to fail.");
+        }
     }
 
     /*
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
@@ -768,16 +768,11 @@ struct options
 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE | OPT_P_PULL_MODE))
 
 #define PULL_DEFINED(opt) ((opt)->pull)
-#define PUSH_DEFINED(opt) ((opt)->push_list)
 
 #ifndef PULL_DEFINED
 #define PULL_DEFINED(opt) (false)
 #endif
 
-#ifndef PUSH_DEFINED
-#define PUSH_DEFINED(opt) (false)
-#endif
-
 #ifdef _WIN32
 #define ROUTE_OPTION_FLAGS(o) ((o)->route_method & ROUTE_METHOD_MASK)
 #else
